At 02:58 AM 9/17/2004, Gordon JC Pearce wrote:
>Now, if you want the server to have some idea of where a given client has come from *within your own site*, you can either fake it with hidden form fields (not always possible, but worth a try), a big long identifier in the GET request (ugly, and prone to error)
And those big long GET/PUT make it much easier for a sniffer on
your network (or along your path) to see your identifiers. :-)
I was travelling a minor auction site the other day, and noticed
that it was keeping state - including my password, in plaintext -
in its stateful URL.
- John
Received on Fri Sep 17 2004 - 08:45:02 BST
This archive was generated by hypermail 2.3.0
: Fri Oct 10 2014 - 23:37:30 BST